2 # =============================================================================
3 # (c) Copyright Hewlett-Packard Development Company, L.P., 2005
4 # Written by Matt Anderson <mra@hp.com>
6 # This program is free software: you can redistribute it and/or modify
7 # it under the terms of version 2 the GNU General Public License as
8 # published by the Free Software Foundation.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 # =============================================================================
20 # Verify that pam_loginuid.so allows logins when auditd is running, and denies
21 # them when it is not.
24 # 11/05 Initial version by Matt Anderson <mra@hp.com>
25 # 11/05 Mods to use global TEST_USER by Aron Griffis <aron@hp.com>
28 source testcase.bash ||
exit 2
31 auditd_active
=$
(pidof auditd
)
34 # make sure pam_loginuid is configured with require_auditd
35 if grep "pam_loginuid.so" /etc
/pam.d
/sshd |
grep -qv "require_auditd"; then
36 backup
/etc
/pam.d
/sshd
# restored automatically
37 sed -i '/pam_loginuid\.so/s/$/ require_auditd/' /etc
/pam.d
/sshd || \
41 # make sure auditd is running after test
42 prepend_cleanup
'pidof auditd &>/dev/null || service auditd start'
44 if [[ $action == "fail" && -n $auditd_active ]]; then
45 service auditd stop || exit_error
48 # TEST_USER and TEST_USER_PASSWD are exported in run.bash startup()
51 -o "PubkeyAuthentication no" \
52 -o "NoHostAuthenticationForLocalhost yes" \
53 -l $env(TEST_USER) localhost whoami
54 expect -nocase {password: $} {
55 send "$env(TEST_USER_PASSWD)\r"
57 expect "$env(TEST_USER)" {exit 0}
69 if [[ $action == "fail" && -n $auditd_active ]]; then